With Heightened International Tension, Are Utilities Prepared In Case of Cyberattack?

image description

Trey Shanks

Environmental Scientist

With increased likelihood of cybersecurity attacks from overseas, now underscores the importance for utilities to conduct risk and resilience assessments, including cybersecurity, for American Water Infrastructure Act of 2018 compliance.

Last week, an American airstrike killed Major General Qassem Soleimani, who led the Quds Force of Iran’s Islamic Revolutionary Guard Corps (IRGC).  Iran has issued cyberattacks on American infrastructure before, including a New York dam in 2016 and a Las Vegas casino in 2014.

“There is ample evidence to suggest that Iranian-sponsored actors have invested considerable time and effort over the past several years to infiltrate the computer systems that control the critical infrastructure of the United States and its allies,” PAS Global COO Mark Carrigan told Utility Drive. “At some time these actors may leverage a successful infiltration to launch a cyber-attack.”

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on Monday warning of possible cyber retaliation.

“Recent Iran-U.S. tensions have the potential for retaliatory aggression against the U.S. and its global interests. Iran and its proxies and sympathizers have a history of leveraging cyber and physical tactics to pursue national interests, both regionally and her in the U.S., such as:

  • Disruptive and destructive cyber operations against strategic targets, including finance, energy and telecommunications organizations, and an increased interest in industrial control systems and operational technology.
  • Cyber-enabled espionage and intellectual property theft targeting a variety of industries and organizations to enable a better understanding of our strategic direction and policy-making.
  • Disinformation campaigns promoting pro-Iranian narratives while pushing anti-U.S. sentiments.”

Read the full advisory here, which includes tips for cyber protection.

Cyber security is just one part of conducting a risk and resilience assessment. The deadline for large utilities to comply is March 31. To learn more about the risk and resilience assessments for the AWIA, click here.

image description

Trey Shanks, CFM, IAM, leads Freese and Nichols’ Asset Management services. He is a Principal in our Fort Worth office. trey.shanks@freese.com